## <summary>Network analysis utilities</summary>

########################################
## <summary>
##	Execute network utilities in the netutils domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_domtrans',`
	gen_require(`
		type netutils_t, netutils_exec_t;
	')

	# The caller enters netutils_t by running a file labeled
	# netutils_exec_t. domain_auto_trans is defined outside this
	# file - presumably it also grants the execute and entrypoint
	# permissions; confirm against its definition.
	domain_auto_trans($1,netutils_exec_t,netutils_t)

	# Parent/child plumbing: descriptors may be used in both
	# directions, the confined domain may access pipes labeled with
	# the caller type (rw_file_perms is a permission set defined
	# elsewhere), and it may report child exit to the caller.
	allow $1 netutils_t:fd use;
	allow netutils_t $1:fd use;
	allow netutils_t $1:fifo_file rw_file_perms;
	allow netutils_t $1:process sigchld;
')

########################################
## <summary>
##	Execute network utilities in the netutils domain, and
##	allow the specified role the netutils domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the netutils domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the netutils domain is allowed to use.
##	</summary>
## </param>
#
interface(`netutils_run',`
	gen_require(`
		type netutils_t;
	')

	netutils_domtrans($1)

	# Authorize the role for netutils_t. The type transition alone
	# is not sufficient for a role that lacks this association.
	role $2 types netutils_t;

	# Terminal access is limited to the chr_file type passed as the
	# third argument (rw_term_perms is defined elsewhere).
	allow netutils_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute network utilities in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_exec',`
	gen_require(`
		type netutils_exec_t;
	')

	# No transition is requested here: per the summary above the
	# utilities keep running in the caller domain, so they are
	# governed by the caller policy rather than by netutils_t.
	# can_exec is defined outside this file.
	can_exec($1,netutils_exec_t)
')

########################################
## <summary>
##	Execute ping in the ping domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_domtrans_ping',`
	gen_require(`
		type ping_t, ping_exec_t;
	')

	# The caller enters ping_t by running a file labeled ping_exec_t.
	domain_auto_trans($1,ping_exec_t,ping_t)

	# Same parent/child plumbing as netutils_domtrans: descriptor
	# use in both directions, access to pipes labeled with the
	# caller type, and child exit notification to the caller.
	allow $1 ping_t:fd use;
	allow ping_t $1:fd use;
	allow ping_t $1:fifo_file rw_file_perms;
	allow ping_t $1:process sigchld;
')

########################################
## <summary>
##	Execute ping in the ping domain, and
##	allow the specified role the ping domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the ping domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the ping domain is allowed to use.
##	</summary>
## </param>
#
interface(`netutils_run_ping',`
	gen_require(`
		type ping_t;
	')

	netutils_domtrans_ping($1)

	# Authorize the role for ping_t; the transition alone does not
	# let a role without this association enter the domain.
	role $2 types ping_t;

	# Terminal access is limited to the chr_file type passed as the
	# third argument.
	allow ping_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Conditionally execute ping in the ping domain, and
##	allow the specified role the ping domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the ping domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the ping domain is allowed to use.
##	</summary>
## </param>
#
interface(`netutils_run_ping_cond',`
	gen_require(`
		type ping_t;
		bool user_ping;
	')

	# NOTE(review): the role authorization sits outside the
	# conditional, so it is granted whatever the value of user_ping.
	# Presumably this is because role statements are not accepted
	# inside conditional blocks - confirm.
	role $2 types ping_t;

	# Only the transition and the terminal access depend on the
	# user_ping boolean. With the boolean off, the caller gets no
	# transition into ping_t from this interface.
	if ( user_ping ) {
		netutils_domtrans_ping($1)
		allow ping_t $3:chr_file rw_term_perms;
	}
')

########################################
## <summary>
##	Execute ping in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_exec_ping',`
	gen_require(`
		type ping_exec_t;
	')

	# No transition is requested here: per the summary above ping
	# keeps running in the caller domain, so it is governed by the
	# caller policy rather than by ping_t.
	can_exec($1,ping_exec_t)
')

########################################
## <summary>
##	Execute traceroute in the traceroute domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_domtrans_traceroute',`
	gen_require(`
		type traceroute_t, traceroute_exec_t;
	')

	# The caller enters traceroute_t by running a file labeled
	# traceroute_exec_t.
	domain_auto_trans($1,traceroute_exec_t,traceroute_t)

	# Same parent/child plumbing as netutils_domtrans: descriptor
	# use in both directions, access to pipes labeled with the
	# caller type, and child exit notification to the caller.
	allow $1 traceroute_t:fd use;
	allow traceroute_t $1:fd use;
	allow traceroute_t $1:fifo_file rw_file_perms;
	allow traceroute_t $1:process sigchld;
')

########################################
## <summary>
##	Execute traceroute in the traceroute domain, and
##	allow the specified role the traceroute domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the traceroute domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the traceroute domain is allowed to use.
##	</summary>
## </param>
#
interface(`netutils_run_traceroute',`
	gen_require(`
		type traceroute_t;
	')

	netutils_domtrans_traceroute($1)

	# Authorize the role for traceroute_t; the transition alone does
	# not let a role without this association enter the domain.
	role $2 types traceroute_t;

	# Terminal access is limited to the chr_file type passed as the
	# third argument.
	allow traceroute_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Conditionally execute traceroute in the traceroute domain, and
##	allow the specified role the traceroute domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the traceroute domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the traceroute domain is allowed to use.
##	</summary>
## </param>
#
interface(`netutils_run_traceroute_cond',`
	gen_require(`
		type traceroute_t;
		bool user_ping;
	')

	# NOTE(review): as in netutils_run_ping_cond, the role
	# authorization is outside the conditional and is therefore
	# granted whatever the value of the boolean.
	role $2 types traceroute_t;

	# NOTE(review): traceroute is gated by the user_ping boolean,
	# the same one used for ping. Turning user_ping on enables both
	# transitions; there is no separate traceroute switch in this
	# interface.
	if( user_ping ) {
		netutils_domtrans_traceroute($1)
		allow traceroute_t $3:chr_file rw_term_perms;
	}
')

########################################
## <summary>
##	Execute traceroute in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`netutils_exec_traceroute',`
	gen_require(`
		type traceroute_exec_t;
	')

	# No transition is requested here: per the summary above
	# traceroute keeps running in the caller domain, so it is
	# governed by the caller policy rather than by traceroute_t.
	can_exec($1,traceroute_exec_t)
')